1. Field of the Invention
The present invention relates generally to a wireless local area network, and in particular, to an authentication method for fast handover of a mobile node.
2. Description of the Related Art
A wireless local area network (WLAN) is a data communication system with high flexibility, realized as an alternative or extended version of a wired local area network (LAN). The wireless local area network can wirelessly exchange data with the minimum number of lines, using a radio frequency (RF). Such a wireless local area network enables a so-called mobile network in which a user can enjoy benefits of data communication using simple equipment while on the move.
The wireless local area network is comprised of at least one wireless access point (AP) that services a limited region, hereinafter referred to as “cell”. In such a wireless local area network, it is very important to enable a user node or mobile node that travels from cell to cell to continue seamless communication. For that purpose, a procedure for handing over control of the communication from one access point to another access point is required and this procedure is called “handover.” Institute of Electrical and Electronics Engineers (IEEE) has defined an inter-access point protocol (IAPP) for communication and handover between access points (see ANSI/IEEE Std. 802.11, Aug. 1999, IEEE Std. 802.11f/D3, January 2002).
For handover, a mobile node must exchange many signaling messages with access points, which, however, undesirably causes time delay and thus a reduction in the quality of a call. Particularly, in the case where the mobile node is assigned a new network identification address, i.e., Internet protocol (IP) address each time it associates with or accesses an access point, a complicated signaling procedure for searching a corresponding access router during handover and registering the assigned address in a home agent is required. Therefore, much research has been conducted on technologies for efficiently performing handover in a wireless communication environment.
The wireless local area network is advantageous in that a user can conveniently use the network without conducting complicated operations such as line installation. In contrast, however, the wireless local area network is disadvantageous in that an unauthorized user can simply access the network. In many cases, if an access point is physically cut off from the outside, the access point connected to a network permits a mobile node, that newly enters its region, to access the network without authentication operation. In the wireless local area network, since it is difficult to limit a signal delivery region in the light of characteristics of a radio signal, a mutual authentication function between a mobile node and an access point must be provided in order to give users different rights to access the network. Therefore, when an organization that requires security, such as a company, wishes to use the wireless local area network, mutual authentication is necessarily required for a mobile node that attempts an access to the network over several access points, by handover.
According to LAPP, when a mobile node in communication accesses a new access point and requests re-association, the new access point is provided with authentication and security information from a previous access point under the control of an authentication server without performing a new authentication procedure with the mobile node. In this case, however, authentication is necessary even for message exchange between access points.
FIG. 1 illustrates a handover and authentication procedure in a wireless local area network according to the prior art. Referring to FIG. 1, as a mobile node 1 moves from a service area or coverage of a first access point 2 to a service area of a second access point 3, the mobile node 1 sends a Re-associate Request signal to the second access point 3 in step 110. The second access point 3 then sends an authentication server (AS) 4 a Query signal for inquiring about security information for communication with the first access point 2 in step 120. Upon receiving a Query Response signal for the Query signal from the authentication server 4 in step 130, the second access point 3 sends the first access point 2 a Security Block signal for requesting handover in step 140. The first access point 2 then returns or acknowledges the Security Block signal with authentication and security-related information used during communication with the mobile node 1 in step 150. Thereafter, if the second access point 3 sends the first access point 2 an IAPP Move Request signal indicating its operation state according to IAPP in step 160 and then receives an IAPP Move Response signal from the first access point 2 in step 170, the second access point 3 sends the mobile node 1 a Re-associate Response signal indicating completion of re-association in step 180.
In the above-stated handover procedure for a wireless local area network, Internet Protocol. Security (IPSec) standard is currently used as an authentication method between access points. The IPSec is especially useful in realizing a virtual private network and remotely accessing the private network by a user. However, for implementation of the IPSec, the access points become complicated in structure, and public key infrastructure (PKI) for authentication between access points is required, which is a disadvantage.
In the case where access points previously share a secret word or secret for authentication between access points, the public key infrastructure may not be required. In this case, however, as the number of access points is increased more and more, a load of maintaining the secret is increased more and more undesirably. That is, when the mobile node passes through n access points, each access point must maintain (n−1) secret. In addition, in this case, an authentication server on the network must manage IPSec security associations each used during data transmission between the access points.
In particular, during handover, the authentication method causes another security problem, authentication and security information used between a previous access point and a mobile node is continuously used even after the handover. Therefore, in order for the mobile node to safely continue communication with the current access point, all of the previous access points must be safe. That is, conventionally, there is high probability that security information will be exposed.